fix: make DELETE /v1/me/tokens remove all refresh tokens too

geode-sdk · Jan 21, 2025 · 9d4d24e · 9d4d24e
1 parent 8484fc3
commit 9d4d24e
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 2 deletions.
diff --git a/src/database/repository/refresh_tokens.rs b/src/database/repository/refresh_tokens.rs
@@ -42,6 +42,25 @@ pub async fn remove_token(token: Uuid, conn: &mut PgConnection) -> Result<(), Ap
     Ok(())
 }
 
+pub async fn remove_developer_tokens(
+    developer_id: i32,
+    conn: &mut PgConnection,
+) -> Result<(), ApiError> {
+    sqlx::query!(
+        "DELETE FROM refresh_tokens
+        WHERE developer_id = $1",
+        developer_id
+    )
+    .execute(conn)
+    .await
+    .map_err(|e| {
+        log::error!("Failed to remove refresh tokens: {}", e);
+        ApiError::DbError
+    })?;
+
+    Ok(())
+}
+
 pub async fn cleanup(conn: &mut PgConnection) -> Result<(), ApiError> {
     sqlx::query!(
         "DELETE FROM refresh_tokens

diff --git a/src/endpoints/auth/github.rs b/src/endpoints/auth/github.rs
@@ -70,7 +70,7 @@ pub async fn start_github_web_login(data: web::Data<AppData>) -> Result<impl Res
     Ok(web::Json(ApiResponse {
         error: "".into(),
         payload: format!(
-            "https://github.com/login/oauth/authorize?client_id={}&redirect_uri={}&scope=user&state={}",
+            "https://github.com/login/oauth/authorize?client_id={}&redirect_uri={}&scope=read:user&state={}",
             data.github().client_id(),
             format!("{}/login/github/callback", data.front_url()),
             secret.to_string()

diff --git a/src/endpoints/developers.rs b/src/endpoints/developers.rs
@@ -2,7 +2,7 @@ use actix_web::{delete, get, post, put, web, HttpResponse, Responder};
 use serde::{Deserialize, Serialize};
 
 use crate::config::AppData;
-use crate::database::repository::{auth_tokens, developers, mods};
+use crate::database::repository::{auth_tokens, developers, mods, refresh_tokens};
 use crate::{
     extractors::auth::Auth,
     types::{
@@ -182,6 +182,7 @@ pub async fn delete_tokens(
         .or(Err(ApiError::DbAcquireError))?;
 
     auth_tokens::remove_developer_tokens(dev.id, &mut pool).await?;
+    refresh_tokens::remove_developer_tokens(dev.id, &mut pool).await?;
 
     Ok(HttpResponse::NoContent())
 }