feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id}

This commit is contained in:
Sam 2023-03-13 17:01:36 +01:00
parent 10adeec841
commit 62b2e3ca0d
No known key found for this signature in database
GPG Key ID: B4EF20DDE721CAA1
5 changed files with 23 additions and 5 deletions

View File

@ -81,8 +81,8 @@ func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t T
func (db *DB) InvalidateToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t Token, err error) {
sql, args, err := sq.Update("tokens").
Where("user_id = ?").
Where("token_id = ?").
Where("user_id = ?", userID).
Where("token_id = ?", tokenID).
Set("invalidated", true).
Suffix("RETURNING *").
ToSql()

View File

@ -77,7 +77,7 @@ func Mount(srv *server.Server, r chi.Router) {
// tokens
r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
r.With(server.MustAuth).Delete("/tokens", server.WrapHandler(s.deleteToken))
r.With(server.MustAuth).Delete("/tokens/{id}", server.WrapHandler(s.deleteToken))
})
}

View File

@ -7,7 +7,9 @@ import (
"codeberg.org/u1f320/pronouns.cc/backend/db"
"codeberg.org/u1f320/pronouns.cc/backend/server"
"emperror.dev/errors"
"github.com/go-chi/chi/v5"
"github.com/go-chi/render"
"github.com/jackc/pgx/v4"
"github.com/rs/xid"
)
@ -53,8 +55,17 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
ctx := r.Context()
claims, _ := server.ClaimsFromContext(ctx)
t, err := s.DB.InvalidateToken(ctx, claims.UserID, claims.TokenID)
tokenID, err := xid.FromString(chi.URLParam(r, "id"))
if err != nil {
return server.APIError{Code: server.ErrBadRequest}
}
t, err := s.DB.InvalidateToken(ctx, claims.UserID, tokenID)
if err != nil {
if errors.Cause(err) == pgx.ErrNoRows {
return server.APIError{Code: server.ErrNotFound}
}
return errors.Wrap(err, "invalidating token")
}

View File

@ -27,6 +27,7 @@ type GetUserResponse struct {
type GetMeResponse struct {
GetUserResponse
MaxInvites int `json:"max_invites"`
Discord *string `json:"discord"`
DiscordUsername *string `json:"discord_username"`
}
@ -156,6 +157,7 @@ func (s *Server) getMeUser(w http.ResponseWriter, r *http.Request) error {
render.JSON(w, r, GetMeResponse{
GetUserResponse: dbUserToResponse(u, fields, members),
MaxInvites: u.MaxInvites,
Discord: u.Discord,
DiscordUsername: u.DiscordUsername,
})

View File

@ -212,7 +212,12 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
}
// echo the updated user back on success
render.JSON(w, r, dbUserToResponse(u, fields, nil))
render.JSON(w, r, GetMeResponse{
GetUserResponse: dbUserToResponse(u, fields, nil),
MaxInvites: u.MaxInvites,
Discord: u.Discord,
DiscordUsername: u.DiscordUsername,
})
return nil
}