diff --git a/src/api/v1/auth/login.rs b/src/api/v1/auth/login.rs
index 04d6b4f..5229425 100644
--- a/src/api/v1/auth/login.rs
+++ b/src/api/v1/auth/login.rs
@@ -11,7 +11,7 @@ use crate::{
 error::Error,
 schema::*,
 utils::{
- PASSWORD_REGEX, generate_access_token, generate_refresh_token, new_refresh_token_cookie,
+ PASSWORD_REGEX, generate_access_token, generate_refresh_token, refresh_token_cookie,
 user_uuid_from_identifier,
 },
 };
@@ -89,6 +89,6 @@ pub async fn response(
 .await?;
 
 Ok(HttpResponse::Ok()
- .cookie(new_refresh_token_cookie(refresh_token))
+ .cookie(refresh_token_cookie(refresh_token))
 .json(Response { access_token }))
 }
diff --git a/src/api/v1/auth/logout.rs b/src/api/v1/auth/logout.rs
deleted file mode 100644
index 79b5c36..0000000
--- a/src/api/v1/auth/logout.rs
+++ /dev/null
@@ -1,31 +0,0 @@
-use actix_web::{HttpRequest, HttpResponse, post, web};
-use diesel::{ExpressionMethods, delete};
-use diesel_async::RunQueryDsl;
-
-use crate::{
- Data,
- error::Error,
- schema::refresh_tokens::{self, dsl},
-};
-
-// TODO: Should maybe be a delete request?
-#[post("/logout")]
-pub async fn res(
- req: HttpRequest,
- data: web::Data,
-) -> Result {
- let mut refresh_token_cookie = req.cookie("refresh_token").ok_or(Error::Unauthorized("request has no refresh token".to_string()))?;
-
- let refresh_token = String::from(refresh_token_cookie.value());
-
- let mut conn = data.pool.get().await?;
-
- delete(refresh_tokens::table)
- .filter(dsl::token.eq(refresh_token))
- .execute(&mut conn)
- .await?;
-
- refresh_token_cookie.make_removal();
-
- Ok(HttpResponse::Ok().cookie(refresh_token_cookie).finish())
-}
diff --git a/src/api/v1/auth/mod.rs b/src/api/v1/auth/mod.rs
index 75a6b0b..d627a59 100644
--- a/src/api/v1/auth/mod.rs
+++ b/src/api/v1/auth/mod.rs
@@ -9,7 +9,6 @@ use uuid::Uuid;
 use crate::{Conn, error::Error, schema::access_tokens::dsl};
 
 mod login;
-mod logout;
 mod refresh;
 mod register;
 mod reset_password;
@@ -25,7 +24,6 @@ pub fn web() -> Scope {
 web::scope("/auth")
 .service(register::res)
 .service(login::response)
- .service(logout::res)
 .service(refresh::res)
 .service(revoke::res)
 .service(verify_email::get)
diff --git a/src/api/v1/auth/refresh.rs b/src/api/v1/auth/refresh.rs
index cc3bbe9..b64b10e 100644
--- a/src/api/v1/auth/refresh.rs
+++ b/src/api/v1/auth/refresh.rs
@@ -11,16 +11,20 @@ use crate::{
 access_tokens::{self, dsl},
 refresh_tokens::{self, dsl as rdsl},
 },
- utils::{generate_access_token, generate_refresh_token, new_refresh_token_cookie},
+ utils::{generate_access_token, generate_refresh_token, refresh_token_cookie},
 };
 
 use super::Response;
 
 #[post("/refresh")]
 pub async fn res(req: HttpRequest, data: web::Data) -> Result {
- let mut refresh_token_cookie = req.cookie("refresh_token").ok_or(Error::Unauthorized("request has no refresh token".to_string()))?;
+ let recv_refresh_token_cookie = req.cookie("refresh_token");
 
- let mut refresh_token = String::from(refresh_token_cookie.value());
+ if recv_refresh_token_cookie.is_none() {
+ return Ok(HttpResponse::Unauthorized().finish());
+ }
+
+ let mut refresh_token = String::from(recv_refresh_token_cookie.unwrap().value());
 
 let current_time = SystemTime::now().duration_since(UNIX_EPOCH)?.as_secs() as i64;
 
@@ -43,6 +47,8 @@ pub async fn res(req: HttpRequest, data: web::Data) -> Result) -> Result Result<&str, Error> { Ok(auth_value.unwrap()) }
-pub fn new_refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
+pub fn refresh_token_cookie(refresh_token: String) -> Cookie<'static> {
 Cookie::build("refresh_token", refresh_token) .http_only(true) .secure(true)
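Review bot: In the refresh.rs hunk, the new `is_none()` guard followed by `recv_refresh_token_cookie.unwrap().value()` replaces an `ok_or(...)?` that had no unwrap at all, so the code now relies on the check two lines earlier to keep the `unwrap()` from panicking. A `let else` keeps the early 401 and drops the unwrap: `let Some(recv_refresh_token_cookie) = req.cookie("refresh_token") else { return Ok(HttpResponse::Unauthorized().finish()); };` followed by `let mut refresh_token = String::from(recv_refresh_token_cookie.value());`. The change also moves the missing-cookie case from `Error::Unauthorized` to a bare `HttpResponse::Unauthorized()`, so this endpoint no longer routes its 401 through the shared error type the way the removed logout handler did; if that mapping is meant to be the single place 401 responses are shaped, returning `Err(Error::Unauthorized(...))` here would keep the auth endpoints consistent, though whether that is intended cannot be told from this hunk. The body of `res` continues past the end of the hunk, and the second refresh.rs hunk and the utils.rs hunk are not readable in this view.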