feat: use device_name in refresh_tokens table

2025-05-01 20:19:18 +02:00 · 2025-05-01 20:19:18 +02:00 · a89d705239
commit a89d705239
parent c009d578a7
3 changed files with 10 additions and 7 deletions
--- a/src/api/v1/auth/login.rs
+++ b/src/api/v1/auth/login.rs
@ -52,14 +52,14 @@ pub async fn response(mut payload: web::Payload, data: web::Data<Data>) -> Resul
    if email_regex.is_match(&login_information.username) {
        if let Ok(row) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), password FROM users WHERE email = $1").bind(login_information.username).fetch_one(&data.pool).await {
            let (uuid, password): (String, String) = row;
-            return Ok(login(data.clone(), uuid, login_information.password, password).await)
+            return Ok(login(data.clone(), uuid, login_information.password, password, login_information.device_name).await)
        }
        return Ok(HttpResponse::Unauthorized().finish())
    } else if username_regex.is_match(&login_information.username) {
        if let Ok(row) = sqlx::query_as("SELECT CAST(uuid as VARCHAR), password FROM users WHERE username = $1").bind(login_information.username).fetch_one(&data.pool).await {
            let (uuid, password): (String, String) = row;
-            return Ok(login(data.clone(), uuid, login_information.password, password).await)
+            return Ok(login(data.clone(), uuid, login_information.password, password, login_information.device_name).await)
        }
        return Ok(HttpResponse::Unauthorized().finish())
@ -68,7 +68,7 @@ pub async fn response(mut payload: web::Payload, data: web::Data<Data>) -> Resul
    Ok(HttpResponse::Unauthorized().finish())
 }
-async fn login(data: actix_web::web::Data<Data>, uuid: String, request_password: String, database_password: String) -> HttpResponse {
+async fn login(data: actix_web::web::Data<Data>, uuid: String, request_password: String, database_password: String, device_name: String) -> HttpResponse {
    if let Ok(parsed_hash) = PasswordHash::new(&database_password) {
        if data.argon2.verify_password(request_password.as_bytes(), &parsed_hash).is_ok() {
            let refresh_token = generate_refresh_token();
@ -90,16 +90,17 @@ async fn login(data: actix_web::web::Data<Data>, uuid: String, request_password:
            let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
-            if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created) VALUES ($1, '{}', $2 )", uuid))
+            if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created, device_name) VALUES ($1, '{}', $2, $3 )", uuid))
                .bind(&refresh_token)
                .bind(current_time)
                .bind(device_name)
                .execute(&data.pool)
                .await {
                eprintln!("{}", error);
                return HttpResponse::InternalServerError().finish()
            }
-            if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid))
+            if let Err(error) = sqlx::query(&format!("INSERT INTO access_tokens (token, refresh_token, uuid, created) VALUES ($1, $2, '{}', $3 )", uuid))
                .bind(&access_token)
                .bind(&refresh_token)
                .bind(current_time)
--- a/src/api/v1/auth/register.rs
+++ b/src/api/v1/auth/register.rs
@ -132,9 +132,10 @@ pub async fn res(mut payload: web::Payload, data: web::Data<Data>) -> Result<Htt
                    let current_time = SystemTime::now().duration_since(UNIX_EPOCH).unwrap().as_secs() as i64;
-                    if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created) VALUES ($1, '{}', $2 )", uuid))
+                    if let Err(error) = sqlx::query(&format!("INSERT INTO refresh_tokens (token, uuid, created, device_name) VALUES ($1, '{}', $2, $3 )", uuid))
                        .bind(&refresh_token)
                        .bind(current_time)
                        .bind(account_information.device_name)
                        .execute(&data.pool)
                        .await {
                        eprintln!("{}", error);
--- a/src/main.rs
+++ b/src/main.rs
@ -56,7 +56,8 @@ async fn main() -> Result<(), Error> {
        CREATE TABLE IF NOT EXISTS refresh_tokens (
            token varchar(64) PRIMARY KEY UNIQUE NOT NULL,
            uuid uuid NOT NULL REFERENCES users(uuid),
-            created int8 NOT NULL
+            created int8 NOT NULL,
            device_name varchar(16) NOT NULL
        );
        CREATE TABLE IF NOT EXISTS access_tokens (
            token varchar(32) PRIMARY KEY UNIQUE NOT NULL,