feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id}

backend/db/tokens.go

@@ -81,8 +81,8 @@ func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t T
 
 func (db *DB) InvalidateToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t Token, err error) {
 	sql, args, err := sq.Update("tokens").
-		Where("user_id = ?").
+		Where("user_id = ?", userID).
-		Where("token_id = ?").
+		Where("token_id = ?", tokenID).
 		Set("invalidated", true).
 		Suffix("RETURNING *").
 		ToSql()

backend/routes/auth/routes.go

@@ -77,7 +77,7 @@ func Mount(srv *server.Server, r chi.Router) {
 		// tokens
 		r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
 		r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
-		r.With(server.MustAuth).Delete("/tokens", server.WrapHandler(s.deleteToken))
+		r.With(server.MustAuth).Delete("/tokens/{id}", server.WrapHandler(s.deleteToken))
 	})
 }
 

backend/routes/auth/tokens.go

@@ -7,7 +7,9 @@ import (
 	"codeberg.org/u1f320/pronouns.cc/backend/db"
 	"codeberg.org/u1f320/pronouns.cc/backend/server"
 	"emperror.dev/errors"
+	"github.com/go-chi/chi/v5"
 	"github.com/go-chi/render"
+	"github.com/jackc/pgx/v4"
 	"github.com/rs/xid"
 )
 
@@ -53,8 +55,17 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
 	ctx := r.Context()
 	claims, _ := server.ClaimsFromContext(ctx)
 
-	t, err := s.DB.InvalidateToken(ctx, claims.UserID, claims.TokenID)
+	tokenID, err := xid.FromString(chi.URLParam(r, "id"))
 	if err != nil {
+		return server.APIError{Code: server.ErrBadRequest}
+	}
+
+	t, err := s.DB.InvalidateToken(ctx, claims.UserID, tokenID)
+	if err != nil {
+		if errors.Cause(err) == pgx.ErrNoRows {
+			return server.APIError{Code: server.ErrNotFound}
+		}
+
 		return errors.Wrap(err, "invalidating token")
 	}
 

backend/routes/user/get_user.go

@@ -27,6 +27,7 @@ type GetUserResponse struct {
 type GetMeResponse struct {
 	GetUserResponse
 
+	MaxInvites      int     `json:"max_invites"`
 	Discord         *string `json:"discord"`
 	DiscordUsername *string `json:"discord_username"`
 }
@@ -156,6 +157,7 @@ func (s *Server) getMeUser(w http.ResponseWriter, r *http.Request) error {
 
 	render.JSON(w, r, GetMeResponse{
 		GetUserResponse: dbUserToResponse(u, fields, members),
+		MaxInvites:      u.MaxInvites,
 		Discord:         u.Discord,
 		DiscordUsername: u.DiscordUsername,
 	})

backend/routes/user/patch_user.go

@@ -212,7 +212,12 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 	}
 
 	// echo the updated user back on success
-	render.JSON(w, r, dbUserToResponse(u, fields, nil))
+	render.JSON(w, r, GetMeResponse{
+		GetUserResponse: dbUserToResponse(u, fields, nil),
+		MaxInvites:      u.MaxInvites,
+		Discord:         u.Discord,
+		DiscordUsername: u.DiscordUsername,
+	})
 	return nil
 }