gorb/backend
5
0
Fork 1
Code Issues 14 Pull requests Projects Releases Packages 1 Wiki Activity Actions
backend/src/api/v1/auth/revoke.rs
Radical 8ec1610b2e
All checks were successful
ci/woodpecker/push/build-and-publish Pipeline was successful
Details
feat: remove dependency on socket.io 
Keeping stuff commented so we can revisit, currently just need a working version
2025-07-20 18:11:31 +02:00

60 lines
1.6 KiB
Rust
Raw Blame History

use std::sync::Arc;
use argon2::{PasswordHash, PasswordVerifier};
use axum::{Extension, Json, extract::State, http::StatusCode, response::IntoResponse};
use diesel::{ExpressionMethods, QueryDsl, delete};
use diesel_async::RunQueryDsl;
use serde::Deserialize;
use uuid::Uuid;
use crate::{
AppState,
api::v1::auth::CurrentUser,
error::Error,
schema::{
refresh_tokens::{self, dsl as rdsl},
users::dsl as udsl,
},
};
#[derive(Deserialize)]
pub struct RevokeRequest {
password: String,
device_name: String,
}
// TODO: Should maybe be a delete request?
pub async fn post(
State(app_state): State<Arc<AppState>>,
Extension(CurrentUser(uuid)): Extension<CurrentUser<Uuid>>,
Json(revoke_request): Json<RevokeRequest>,
) -> Result<impl IntoResponse, Error> {
let mut conn = app_state.pool.get().await?;
let database_password: String = udsl::users
.filter(udsl::uuid.eq(uuid))
.select(udsl::password)
.get_result(&mut conn)
.await?;
let hashed_password = PasswordHash::new(&database_password)
.map_err(|e| Error::PasswordHashError(e.to_string()))?;
if app_state
.argon2
.verify_password(revoke_request.password.as_bytes(), &hashed_password)
.is_err()
{
return Err(Error::Unauthorized(
"Wrong username or password".to_string(),
));
}
delete(refresh_tokens::table)
.filter(rdsl::uuid.eq(uuid))
.filter(rdsl::device_name.eq(&revoke_request.device_name))
.execute(&mut conn)
.await?;
Ok(StatusCode::OK)
}
Reference in a new issue View git blame Copy permalink