gractwo/mnemosyne
4
0
Fork 0
Code Pull Requests Actions Packages Activity

session revoking, perm, DatabaseError (partially)

Browse Source
This commit is contained in:
jakubmanczak
2026-02-28 23:27:56 +01:00
parent 94dcc1816d
commit c8d15f8c6b
4 changed files with 45 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/api/mod.rs
View File

@@ -5,6 +5,7 @@ use axum::{
};
use crate::{
database::DatabaseError,
tags::TagError,
users::{UserError, auth::AuthError, sessions::SessionError},
};
@@ -23,6 +24,7 @@ pub fn api_router() -> Router {
.route("/api/users/{id}", get(users::get_by_id))
.route("/api/users/@{handle}", get(users::get_by_handle))
.route("/api/sessions/{id}", get(sessions::get_by_id))
.route("/api/sessions/{id}/revoke", post(sessions::revoke_by_id))
.route("/api/tags/{id}", get(tags::get_by_id))
.route("/api/tags/#{name}", get(tags::get_by_name))
}
@@ -45,4 +47,4 @@ macro_rules! composite_from {
)+
};
}
composite_from!(AuthError, UserError, SessionError, TagError);
composite_from!(AuthError, UserError, SessionError, TagError, DatabaseError);

28
src/api/sessions.rs
View File

@@ -1,7 +1,7 @@
use axum::{
Json,
extract::Path,
http::HeaderMap,
http::{HeaderMap, StatusCode},
response::{IntoResponse, Response},
};
use uuid::Uuid;
@@ -31,3 +31,29 @@ pub async fn get_by_id(
false => Err(SessionError::NoSessionWithId(id))?,
}
}
pub async fn revoke_by_id(
Path(id): Path<Uuid>,
headers: HeaderMap,
) -> Result<Response, CompositeError> {
let u = User::authenticate(&headers)?.required()?;
let mut s = Session::get_by_id(id)?;
match s.user_id == u.id
|| u.has_permission(Permission::RevokeOthersSessions)
.is_ok_and(|v| v)
{
true => {
s.revoke(Some(&u))?;
Ok(Json(s).into_response())
}
false => match u.has_permission(Permission::ListOthersSessions)? {
true => Ok((
StatusCode::FORBIDDEN,
"You don't have permission to revoke this session.",
)
.into_response()),
false => Err(SessionError::NoSessionWithId(id))?,
},
}
}