From 62b2e3ca0d2a90d7dbf4ede070bc702fd2e1c957 Mon Sep 17 00:00:00 2001
From: Sam
Date: Mon, 13 Mar 2023 17:01:36 +0100
Subject: [PATCH] feat(backend): add max invites to /users/@me responses, use token ID for DELETE /auth/tokens/{id}
---
 backend/db/tokens.go | 4 ++--
 backend/routes/auth/routes.go | 2 +-
 backend/routes/auth/tokens.go | 13 ++++++++++++-
 backend/routes/user/get_user.go | 2 ++
 backend/routes/user/patch_user.go | 7 ++++++-
 5 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/backend/db/tokens.go b/backend/db/tokens.go
index 1c8e73e..b812dae 100644
--- a/backend/db/tokens.go
+++ b/backend/db/tokens.go
@@ -81,8 +81,8 @@ func (db *DB) SaveToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t T
 func (db *DB) InvalidateToken(ctx context.Context, userID xid.ID, tokenID xid.ID) (t Token, err error) {
 sql, args, err := sq.Update("tokens").
- Where("user_id = ?").
- Where("token_id = ?").
+ Where("user_id = ?", userID).
+ Where("token_id = ?", tokenID).
 Set("invalidated", true).
 Suffix("RETURNING *").
 ToSql()
diff --git a/backend/routes/auth/routes.go b/backend/routes/auth/routes.go
index 4494693..05e6628 100644
--- a/backend/routes/auth/routes.go
+++ b/backend/routes/auth/routes.go
@@ -77,7 +77,7 @@ func Mount(srv *server.Server, r chi.Router) {
 // tokens
 r.With(server.MustAuth).Get("/tokens", server.WrapHandler(s.getTokens))
 r.With(server.MustAuth).Post("/tokens", server.WrapHandler(s.createToken))
- r.With(server.MustAuth).Delete("/tokens", server.WrapHandler(s.deleteToken))
+ r.With(server.MustAuth).Delete("/tokens/{id}", server.WrapHandler(s.deleteToken))
 })
 }
diff --git a/backend/routes/auth/tokens.go b/backend/routes/auth/tokens.go
index 447d265..d490e34 100644
--- a/backend/routes/auth/tokens.go
+++ b/backend/routes/auth/tokens.go
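Review bot: `InvalidateToken` in backend/db/tokens.go is now called with a token ID chosen by the client, and the `user_id` predicate bound in this hunk is the only visible check that keeps one user from invalidating another user's token, yet nothing in the hunk documents that. A doc comment would pin it, for example `// InvalidateToken marks tokenID as invalidated only when it belongs to userID; the user_id filter is the ownership check for DELETE /auth/tokens/{id}.` The earlier form left both placeholders without bound values, so a regression test that invalidates a token and then retries the same ID under a different user ID would cover both the fix and the ownership rule. The function body continues past the end of the hunk.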
@@ -7,7 +7,9 @@ import (
 "codeberg.org/u1f320/pronouns.cc/backend/db"
 "codeberg.org/u1f320/pronouns.cc/backend/server"
 "emperror.dev/errors"
+ "github.com/go-chi/chi/v5"
 "github.com/go-chi/render"
+ "github.com/jackc/pgx/v4"
 "github.com/rs/xid"
 )
@@ -53,8 +55,17 @@ func (s *Server) deleteToken(w http.ResponseWriter, r *http.Request) error {
 ctx := r.Context()
 claims, _ := server.ClaimsFromContext(ctx)
- t, err := s.DB.InvalidateToken(ctx, claims.UserID, claims.TokenID)
+ tokenID, err := xid.FromString(chi.URLParam(r, "id"))
 if err != nil {
+ return server.APIError{Code: server.ErrBadRequest}
+ }
+
+ t, err := s.DB.InvalidateToken(ctx, claims.UserID, tokenID)
+ if err != nil {
+ if errors.Cause(err) == pgx.ErrNoRows {
+ return server.APIError{Code: server.ErrNotFound}
+ }
+
 return errors.Wrap(err, "invalidating token")
 }
diff --git a/backend/routes/user/get_user.go b/backend/routes/user/get_user.go
index 6e9da05..a99ff43 100644
--- a/backend/routes/user/get_user.go
+++ b/backend/routes/user/get_user.go
@@ -27,6 +27,7 @@ type GetUserResponse struct {
 type GetMeResponse struct {
 GetUserResponse
+ MaxInvites int `json:"max_invites"`
 Discord *string `json:"discord"`
 DiscordUsername *string `json:"discord_username"`
 }
@@ -156,6 +157,7 @@ func (s *Server) getMeUser(w http.ResponseWriter, r *http.Request) error {
 render.JSON(w, r, GetMeResponse{
 GetUserResponse: dbUserToResponse(u, fields, members),
+ MaxInvites: u.MaxInvites,
 Discord: u.Discord,
 DiscordUsername: u.DiscordUsername,
 })
diff --git a/backend/routes/user/patch_user.go b/backend/routes/user/patch_user.go
index d680865..a54b68b 100644
--- a/backend/routes/user/patch_user.go
+++ b/backend/routes/user/patch_user.go
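Review bot: In `deleteToken` (backend/routes/auth/tokens.go) the not-found branch tests `errors.Cause(err) == pgx.ErrNoRows`, which compares only the root of the error chain by identity; `if errors.Is(err, pgx.ErrNoRows) {` matches the sentinel anywhere in the chain and is the form I would use here. How `InvalidateToken` runs the statement and wraps its error is outside this diff, so if the comparison ever misses, an unknown or foreign token ID would fall through to `errors.Wrap(err, "invalidating token")` and presumably surface as a server error rather than a 404. Answering with the same `ErrNotFound` for "no such token" and "token owned by someone else" is the right behaviour, and a one-line comment such as `// 404 for both unknown and foreign token IDs, so the endpoint does not reveal which IDs exist` would keep it from being split later. The handler continues past the end of the hunk.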
@@ -212,7 +212,12 @@ func (s *Server) patchUser(w http.ResponseWriter, r *http.Request) error {
 }
 // echo the updated user back on success
- render.JSON(w, r, dbUserToResponse(u, fields, nil))
+ render.JSON(w, r, GetMeResponse{
+ GetUserResponse: dbUserToResponse(u, fields, nil),
+ MaxInvites: u.MaxInvites,
+ Discord: u.Discord,
+ DiscordUsername: u.DiscordUsername,
+ })
 return nil
 }
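Review bot: The `GetMeResponse` literal added to `patchUser` repeats, field for field, the one in `getMeUser` (backend/routes/user/get_user.go), so the next self-only field has to be remembered in both handlers. A single helper beside `dbUserToResponse` that builds `GetMeResponse` would keep `MaxInvites`, `Discord` and `DiscordUsername` in one place; the call here would shrink to something like `render.JSON(w, r, meResponse(u, fields, nil))`, where `meResponse` is a suggested name. It would also make it harder for those fields to drift into the public `GetUserResponse`. `patchUser` starts before this hunk, so it is not visible here that `u` is always the authenticated user's own row; a short comment above the `render.JSON` call stating that would justify returning the private fields.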